Adding CSP to Struts 1.2.7

 
Greenhorn
Posts: 2
Has anyone added CSP to Struts 1.2.7?

1.2.7 doesn't seem to have the BaseDispatchAction class.  At least not that I can pull up with my IDE.
 
Saloon Keeper
Posts: 5048
If you're working on a web app that still uses Struts 1.x, the first thing you need to do is to upgrade it to the latest Struts 2 version. All versions of Struts 1 have several publicized security holes that have not, and will not, get patched.
 
Bartender
Posts: 9550
I agree with Tim.
That said, I'm not aware of any BaseDispatchAction class in Struts 1. There is a DispatchAction, which is an abstract class intended to be extended by the developer and used to create a class with several related execute methods (for example, all the CRUD methods for a particular piece of data).
 
william chester
Greenhorn
Posts: 2
Unfortunately, I don't have the choice to upgrade at this time. I guess I should ask: does CSP work in Struts 1.2.7?
 
Joe Ess
Bartender
Posts: 9550
By CSP, do you mean Content Security Policy?  I have used Tomcat's httpHeaderSecurity to add protection against malicious requests.  
You should be aware that Struts 1.2.7 has known vulnerabilities to cross-site scripting (among other known attacks) and I don't know that a filter at the server layer would protect against that.
If you are concerned about security (including XSS), the solution is to upgrade Struts or move to another framework.
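
An added example, not part of the thread or of Struts: Content Security Policy is an HTTP response header, so a plain servlet filter in front of the Struts 1 ActionServlet can emit it without any Struts class. The class name `CspHeaderFilter`, the `reportOnly` init parameter, the `cspNonce` request attribute and the policy string are assumptions for illustration; the code assumes the `javax.servlet` API and a Java 8+ runtime.

```java
import java.io.IOException;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: map it in web.xml to the ActionServlet pattern (e.g. *.do) and to *.jsp. */
public class CspHeaderFilter implements Filter {
    private static final SecureRandom RANDOM = new SecureRandom();
    private boolean reportOnly = true;

    public void init(FilterConfig config) {
        // Assumed <init-param> "reportOnly": anything other than "false" keeps report-only mode.
        reportOnly = !"false".equalsIgnoreCase(config.getInitParameter("reportOnly"));
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Fresh 128-bit nonce per response; JSPs read it from the "cspNonce" request
        // attribute and put it on each <script nonce="..."> they are meant to allow.
        byte[] raw = new byte[16];
        RANDOM.nextBytes(raw);
        String nonce = Base64.getEncoder().encodeToString(raw);
        req.setAttribute("cspNonce", nonce);

        String policy = "default-src 'self'; script-src 'self' 'nonce-" + nonce + "'; "
                + "object-src 'none'; base-uri 'self'; frame-ancestors 'self'";
        String header = reportOnly
                ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy";
        if (res instanceof HttpServletResponse) {
            // Must be set before chain.doFilter: headers are ignored once the response is committed.
            ((HttpServletResponse) res).setHeader(header, policy);
        }
        chain.doFilter(req, res);
    }

    public void destroy() { }
}
```

In report-only mode the browser logs violations without blocking, which shows which inline scripts and event-handler attributes in the existing JSPs lack the nonce before the enforcing header is switched on.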
 